Updated Privacy Policy: EU-U.S., UK, Swiss-U.S., U.S., and LATAM Compliance Frameworks (Data Processor Role)

Effective Date: November 1st, 2024
Last Updated: November 1st, 2024

Moonflow LLC (“we,” “our,” “us”) acts as a data processor, processing personal data on behalf of our customers (the data controllers). This Privacy Policy outlines our commitment to protecting personal data in compliance with the EU-U.S. Data Privacy Framework (DPF), the UK Extension to the EU-U.S. DPF, the Swiss-U.S. DPF, U.S. privacy laws (including the California Consumer Privacy Act, CCPA), and relevant Latin American (LATAM) regulations, including Brazil’s General Data Protection Law (LGPD) and Mexico’s Federal Law on Protection of Personal Data (LFPDPPP).

1. Notice

 

Moonflow LLC processes personal data strictly in accordance with our customers’ instructions and applicable laws. We do not determine the purposes or means of processing; this is the responsibility of our customers (data controllers). The personal data processed may include:

  • Contact Information: Name, email address, phone number.
  • Account Information: Usernames, billing information.
  • Behavioral Data: Usage patterns, preferences.
  • Sensitive Data: Processed only with explicit consent as instructed by our customers.

Data Retention

We retain personal data only as required by our agreements with customers or applicable legal obligations. Upon termination of the agreement or upon request by the customer, personal data is securely deleted or returned, unless retention is required by law.

If you have questions regarding how your data is processed, please contact the data controller (our customer) directly. If you have questions about this Privacy Policy, you may contact us:
Email: jr@moonflow.ai
Mailing Address: 30 N Gould St, Sheridan, Wyoming, 82801, USA

2. Choice

 

Moonflow LLC follows the instructions of our customers regarding the rights of data subjects, including:

  • Providing access to personal data.
  • Handling requests to restrict or object to processing.
  • Addressing opt-out requests (e.g., for CCPA or LGPD).
  • Managing withdrawal of consent for processing sensitive personal data.

Opt-Out and Consent Withdrawal

If you wish to exercise these rights, please contact the data controller (our customer) directly. Moonflow LLC supports our customers in fulfilling these requests as part of our data processing agreement.

3. Accountability for Onward Transfer

 

Moonflow LLC may share personal data with subprocessors as required to deliver our services. Subprocessors are bound by contracts ensuring they:

  • Process data only as instructed by Moonflow LLC and our customers.
  • Adhere to the same level of data protection required by applicable regulations.

International Data Transfers

Moonflow LLC ensures compliance with international data transfer regulations through mechanisms such as:

  • Standard Contractual Clauses (SCCs).
  • Adequacy decisions.
  • Other lawful means.

A list of our subprocessors is available upon request and is provided to customers in accordance with our agreements.

4. Security

 

Moonflow LLC implements robust technical and organizational measures to protect personal data, including:

  • Encryption of data in transit and at rest.
  • Access controls to prevent unauthorized access.
  • Regular audits and security assessments.

We comply with applicable data protection laws, including GDPR, LGPD, and CCPA, in securing personal data.

5. Data Integrity and Purpose Limitation

 

Moonflow LLC processes personal data only as instructed by our customers. We do not use personal data for purposes beyond those specified by the data controller. We assist our customers in ensuring data accuracy, completeness, and relevance as required by applicable regulations.

6. Access

As a data processor, Moonflow LLC does not directly respond to data subject access requests. However, we support our customers in fulfilling such requests, including:

  • Providing access to personal data.
  • Assisting with corrections, amendments, or deletions.
  • Enabling portability of data where applicable (e.g., under LGPD or GDPR).

If you wish to exercise these rights, please contact the data controller directly. Moonflow LLC will assist the data controller in responding to your request as required by law.

7. Automated Decision-Making

 

Moonflow LLC does not engage in automated decision-making processes that produce legal or similarly significant effects. Any such processing would only occur under explicit instruction from our customers.

8. Recourse, Enforcement, and Liability

 

Moonflow LLC commits to assisting our customers in resolving complaints related to data protection. If you have a concern or dispute regarding your personal data, please contact the data controller (our customer). Moonflow LLC will support the data controller in addressing the complaint in accordance with applicable laws.

If unresolved, the following mechanisms apply:

  • EU/UK Individuals: Relevant Data Protection Authorities (DPAs) or the UK Information Commissioner’s Office (ICO).
  • Swiss Individuals: The Swiss Federal Data Protection and Information Commissioner (FDPIC).
  • LATAM Individuals: Relevant national data protection authorities, such as Brazil’s ANPD or Mexico’s INAI.

9. Verification

 

Moonflow LLC verifies compliance with applicable data protection frameworks through self-assessment and external compliance reviews, as required by agreements with customers or regulators.

10. Changes to This Privacy Policy

 

We may update this Privacy Policy to reflect changes in our practices or legal obligations. Updates will be communicated to our customers and posted on our website with the revised effective date.

Contact Us

 

If you have questions about this Privacy Policy or our compliance with data protection regulations, please contact us:
Email: jr@moonflow.ai
Phone: +1 551 273 2773
Mailing Address: 30 N Gould St, Sheridan, Wyoming, 82801, USA

This Privacy Policy reflects our role as a data processor and our commitment to supporting our customers’ compliance with global data protection frameworks, including GDPR, LGPD, CCPA, and others.